http://secdocs.lonerunners.net Latest security documents RSS feed for author Nathan Hamiel en-us <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/291-social-engineering">social engineering</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/98-black-hat-asia-2008">Black Hat Asia 2008</a> <br/> Sun, 22 Jan 2012 06:48:41 +0100 http://secdocs.lonerunners.net/documents/details/4786-satan-is-on-my-friends-list-sns-survey http://secdocs.lonerunners.net/documents/details/4786-satan-is-on-my-friends-list-sns-survey <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/291-social-engineering">social engineering</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/98-black-hat-asia-2008">Black Hat Asia 2008</a> <br/> Sun, 22 Jan 2012 06:48:41 +0100 http://secdocs.lonerunners.net/documents/details/4787-satan-is-on-my-friends-list-sns-survey http://secdocs.lonerunners.net/documents/details/4787-satan-is-on-my-friends-list-sns-survey <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/1127-marcin-wielgoszewski">Marcin Wielgoszewski</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/13-web-application">web application</a> <a href="http://secdocs.lonerunners.net/tags/details/68-web">web</a> <a href="http://secdocs.lonerunners.net/tags/details/218-python">python</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/71-black-hat-usa-2010">Black Hat USA 2010</a> <br/><b>Abstract</b>: It seems that everything is a web application nowadays. Whether the application is cloud-based, mobile, or even fat client they all seem to be using web protocols to communicate. Adding to the traditional landscape there is rise in the use of application programming interfaces, integration hooks, and next generation web technologies. What this means for someone testing web applications is that flexibility is the key to success. The Python programming language is just as flexible as today’s web application platforms. The language is appealing to security professionals because it is easy to read and write, has a wide variety of modules, and has plenty of resources for help. This additional flexibility affords the tester greater depth than many of the canned tests that come with common tools they use on a daily basis. Greater familiarity plus flexible language equals tester win! In this presentation we introduce methods with which to create your own clients, tools, and test cases using the Python programming language. We want to put testers closer to the conditions in which they are testing for and arm them with the necessary resources to be successful. We also discuss interfacing with current tools that people commonly use for web application testing. This allows for pinpoint identification of specific vulnerabilities and conditions that are difficult for other tools to identify. Tue, 13 Sep 2011 09:41:02 +0200 http://secdocs.lonerunners.net/documents/details/4003-constricting-the-web-offensive-python-for-web-hackers http://secdocs.lonerunners.net/documents/details/4003-constricting-the-web-offensive-python-for-web-hackers <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/1127-marcin-wielgoszewski">Marcin Wielgoszewski</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/13-web-application">web application</a> <a href="http://secdocs.lonerunners.net/tags/details/68-web">web</a> <a href="http://secdocs.lonerunners.net/tags/details/218-python">python</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/71-black-hat-usa-2010">Black Hat USA 2010</a> <br/><b>Abstract</b>: It seems that everything is a web application nowadays. Whether the application is cloud-based, mobile, or even fat client they all seem to be using web protocols to communicate. Adding to the traditional landscape there is rise in the use of application programming interfaces, integration hooks, and next generation web technologies. What this means for someone testing web applications is that flexibility is the key to success. The Python programming language is just as flexible as today’s web application platforms. The language is appealing to security professionals because it is easy to read and write, has a wide variety of modules, and has plenty of resources for help. This additional flexibility affords the tester greater depth than many of the canned tests that come with common tools they use on a daily basis. Greater familiarity plus flexible language equals tester win! In this presentation we introduce methods with which to create your own clients, tools, and test cases using the Python programming language. We want to put testers closer to the conditions in which they are testing for and arm them with the necessary resources to be successful. We also discuss interfacing with current tools that people commonly use for web application testing. This allows for pinpoint identification of specific vulnerabilities and conditions that are difficult for other tools to identify. Tue, 13 Sep 2011 09:40:59 +0200 http://secdocs.lonerunners.net/documents/details/4002-constricting-the-web-offensive-python-for-web-hackers http://secdocs.lonerunners.net/documents/details/4002-constricting-the-web-offensive-python-for-web-hackers <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/1127-marcin-wielgoszewski">Marcin Wielgoszewski</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/13-web-application">web application</a> <a href="http://secdocs.lonerunners.net/tags/details/218-python">python</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/65-defcon-18">DEFCON 18</a> <br/> Thu, 10 Feb 2011 05:25:14 +0100 http://secdocs.lonerunners.net/documents/details/3418-constricting-the-web-offensive-python-for-web-hackers http://secdocs.lonerunners.net/documents/details/3418-constricting-the-web-offensive-python-for-web-hackers <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/1127-marcin-wielgoszewski">Marcin Wielgoszewski</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/13-web-application">web application</a> <a href="http://secdocs.lonerunners.net/tags/details/218-python">python</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/65-defcon-18">DEFCON 18</a> <br/> Thu, 10 Feb 2011 05:25:14 +0100 http://secdocs.lonerunners.net/documents/details/3419-constricting-the-web-offensive-python-for-web-hackers http://secdocs.lonerunners.net/documents/details/3419-constricting-the-web-offensive-python-for-web-hackers <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/256-social">social</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/42-black-hat-usa-2008">Black Hat USA 2008</a> <br/> Wed, 21 Jul 2010 12:41:00 +0200 http://secdocs.lonerunners.net/documents/details/2705-satan-is-on-my-friends-list-attacking-social-networks http://secdocs.lonerunners.net/documents/details/2705-satan-is-on-my-friends-list-attacking-social-networks <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/256-social">social</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/42-black-hat-usa-2008">Black Hat USA 2008</a> <br/> Wed, 21 Jul 2010 12:41:00 +0200 http://secdocs.lonerunners.net/documents/details/2706-satan-is-on-my-friends-list-attacking-social-networks http://secdocs.lonerunners.net/documents/details/2706-satan-is-on-my-friends-list-attacking-social-networks <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/256-social">social</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/42-black-hat-usa-2008">Black Hat USA 2008</a> <br/> Wed, 21 Jul 2010 12:41:00 +0200 http://secdocs.lonerunners.net/documents/details/2707-satan-is-on-my-friends-list-attacking-social-networks http://secdocs.lonerunners.net/documents/details/2707-satan-is-on-my-friends-list-attacking-social-networks <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/256-social">social</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/42-black-hat-usa-2008">Black Hat USA 2008</a> <br/> Wed, 21 Jul 2010 12:41:00 +0200 http://secdocs.lonerunners.net/documents/details/2708-satan-is-on-my-friends-list-attacking-social-networks http://secdocs.lonerunners.net/documents/details/2708-satan-is-on-my-friends-list-attacking-social-networks <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/13-web-application">web application</a> <a href="http://secdocs.lonerunners.net/tags/details/68-web">web</a> <a href="http://secdocs.lonerunners.net/tags/details/125-web-20">Web 2.0</a> <a href="http://secdocs.lonerunners.net/tags/details/162-xss">XSS</a> <a href="http://secdocs.lonerunners.net/tags/details/253-csrf">CSRF</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/39-defcon-17">DEFCON 17</a> <br/> Tue, 13 Apr 2010 06:02:37 +0200 http://secdocs.lonerunners.net/documents/details/2329-weaponizing-the-web-new-attacks-on-user-generated-content http://secdocs.lonerunners.net/documents/details/2329-weaponizing-the-web-new-attacks-on-user-generated-content <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/13-web-application">web application</a> <a href="http://secdocs.lonerunners.net/tags/details/68-web">web</a> <a href="http://secdocs.lonerunners.net/tags/details/125-web-20">Web 2.0</a> <a href="http://secdocs.lonerunners.net/tags/details/162-xss">XSS</a> <a href="http://secdocs.lonerunners.net/tags/details/253-csrf">CSRF</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/39-defcon-17">DEFCON 17</a> <br/> Tue, 13 Apr 2010 06:02:34 +0200 http://secdocs.lonerunners.net/documents/details/2327-weaponizing-the-web-new-attacks-on-user-generated-content http://secdocs.lonerunners.net/documents/details/2327-weaponizing-the-web-new-attacks-on-user-generated-content <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/101-intelligence">intelligence</a> <a href="http://secdocs.lonerunners.net/tags/details/102-information-operation">information operation</a> <a href="http://secdocs.lonerunners.net/tags/details/256-social">social</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/16-defcon-16">DEFCON 16</a> <br/> Tue, 10 Nov 2009 06:07:34 +0100 http://secdocs.lonerunners.net/documents/details/1523-satan-is-on-my-friends-list-attacking-social-networks http://secdocs.lonerunners.net/documents/details/1523-satan-is-on-my-friends-list-attacking-social-networks <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/13-web-application">web application</a> <a href="http://secdocs.lonerunners.net/tags/details/68-web">web</a> <a href="http://secdocs.lonerunners.net/tags/details/83-exploiting">exploiting</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/30-black-hat-usa-2009">Black Hat USA 2009</a> <br/> Wed, 09 Sep 2009 18:28:00 +0200 http://secdocs.lonerunners.net/documents/details/1266-weaponizing-the-web-more-attacks-on-user-generated-content http://secdocs.lonerunners.net/documents/details/1266-weaponizing-the-web-more-attacks-on-user-generated-content <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/13-web-application">web application</a> <a href="http://secdocs.lonerunners.net/tags/details/68-web">web</a> <a href="http://secdocs.lonerunners.net/tags/details/83-exploiting">exploiting</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/30-black-hat-usa-2009">Black Hat USA 2009</a> <br/> Wed, 09 Sep 2009 18:19:00 +0200 http://secdocs.lonerunners.net/documents/details/1265-weaponizing-the-web-more-attacks-on-user-generated-content http://secdocs.lonerunners.net/documents/details/1265-weaponizing-the-web-more-attacks-on-user-generated-content <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/101-intelligence">intelligence</a> <a href="http://secdocs.lonerunners.net/tags/details/102-information-operation">information operation</a> <a href="http://secdocs.lonerunners.net/tags/details/256-social">social</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/16-defcon-16">DEFCON 16</a> <br/> Sat, 04 Apr 2009 14:02:00 +0200 http://secdocs.lonerunners.net/documents/details/559-satan-is-on-my-friends-list-attacking-social-networks http://secdocs.lonerunners.net/documents/details/559-satan-is-on-my-friends-list-attacking-social-networks <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/476-nathan-hamiel">Nathan Hamiel</a> <a href="http://secdocs.lonerunners.net/authors/details/388-shawn-moyer">Shawn Moyer</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/101-intelligence">intelligence</a> <a href="http://secdocs.lonerunners.net/tags/details/102-information-operation">information operation</a> <a href="http://secdocs.lonerunners.net/tags/details/256-social">social</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/16-defcon-16">DEFCON 16</a> <br/> Sat, 04 Apr 2009 13:50:00 +0200 http://secdocs.lonerunners.net/documents/details/558-satan-is-on-my-friends-list-attacking-social-networks http://secdocs.lonerunners.net/documents/details/558-satan-is-on-my-friends-list-attacking-social-networks